Encryption Everywhere & SSL Lite: Free security for every site

 Program Overview


OpenSRS now offers a complimentary Domain-Vetted SSL Lite certificate, allowing our resellers to provide a FREE, baseline level of security to their customers. You can read more about the program here

Note: An SSL Lite certificate covers both the www and root domain. Be sure to generate the CSR with the root domain to ensure that the certificate will recognize both www and non www.

For coverage beyond www and root, you may opt to purchase the SSL Lite Wildcard.  For more details please see our program page here.

Requirements

To qualify for this free service, a registrant must:

1. Have a domain with OpenSRS

2. Set the domain's nameservers to our SystemDNS. (ns1.systemdns.com / ns2.systemdns.com / ns3.systemdns.com)

3. The domain cannot have a status of Client hold or Suspended

SSL Lite Wildcard

A Wildcard certificate can be purchased for an additional fee.  This allows for unlimited subdomains (on the same webserver) to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name opensrs.com, and have this certificate also cover mail.opensrs.com, ftp.opensrs.com and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.opensrs.com.

To view other SSL products we offer, click here.

Things to consider before ordering

Before placing your Trust order, take a moment to review that all items are valid. 

  • Your CSR contains all the correct information (Common name and or additional SANS)
  • Your CSR has been generated with a signature algorithm of SHA2 

To validate the information contained in your CSR, please see our CSR Parser tool. Symantec also has a great tool here.   

Note: A Certificate Signing Request (CSR) is generated on the server to which the certificate will be installed

Once ordered, the following features are currently NOT supported.  Please make sure everything is correct first before placing an order.  If you need to accomplish any of the following, please use one of our entry-level DV certificate products like RapidSSL instead :

  • Cancel Order
  • Reissue certificate with new CSR
  • Update Order (e.g. approver email change) 

Ordering Process

In the Reseller Control Panel, SSL Lite and SSL Lite Wildcard orders can be added to any new domain registration or existing domain,  and can also be generated through the Trust tab.  The respective process flows are listed below. 


Add SSL Lite to a new domain registration

1. Select the + icon from the Domains tab and enter the domain name you wish to register.

1.png

 

2. Check the Free SSL Certificate option under Domain Settings.

2.png

Please note: SSL Lite requires the use of OpenSRS nameservers (SystemDNS). Checking this feature, therefore, will automatically select the Use Our Nameservers option. If custom nameservers have been defined, checking Free SSL Certificate will cause them to revert to the OpenSRS defaults. 

3.png

 

3. Complete all required fields, then scroll to the bottom and Submit Registration

 

4. Review the order.

A confirmation window will appear, with SSL Lite selected as the default. You also have the option to choose the Wildcard version. Click Continue to Next Step to complete the registration process.

 

4.jpeg

4. Provide the Certificate Signing Request (CSR) and confirm contact information.

Once you have entered your CSR and confirmed the contact information is correct, click Submit to complete your order.

 

Add SSL Lite to an existing domain

1. From the Domains tab, click on the domain to which you would like to add the SSL Lite certificate.

 5.png

2. Locate the Free SSL Certificate under Domain Settings and click Get it now!

 6.png

3. Review the order.

A confirmation window will appear, with SSL Lite selected as the default. You also have the option to choose the Wildcard certificate. Click Continue to Next Step to complete registration process.

7.png

 

4. Provide the Certificate Signing Request (CSR) and confirm contact information.

Once you have entered your CSR and confirmed the contact information is correct, click Submit to complete your order. (How to generate CSR)

 

Add SSL Lite as a new Trust service

1. Initiate a new order.

Select the + icon from the Trust tab and enter the domain name you wish to register.

8.png

 

2.  Select the SSL Lite option.

In the window that appears, select Symantec SSL as the supplier and  SSL Lite as the service and Continue to Next Step.

9.png

 

Next, from the service drop-down menu, select product_type.symantec_ssl_lite or product_type.symantec_ssl_lite_wildcard.

10.png

Please note: There is a fee associated with SSL Lite Wildcard (product_type.symantec_ssl_lite_wildcard)

 

3. Assign the certificate to an existing domain.

Click the option to Associate with existing user and select the domain to which you would like to add the SSL Lite certificate.
11.png

4. Finish the process by clicking Submit.

 

 

CSR Generation and Troubleshooting


How to generate a CSR

A Certificate Signing Request (CSR) is generated on the server on which the certificate will be used. Accordingly, it's best to contact the hosting provider for help in generating a CSR.

Note: Please ensure that your CSR has been generated with a signature algorithm of SHA2.

Our SSL partners have provided some useful resources on CSR generation and SSL installation:

How to generate a CSR 

GeoTrust | Comodo | Trustwave | Symantec | Thawte

How to install an SSL certificate

GeoTrust |Trustwave

How to convert a certificate into the appropriate format 

GeoTrust | Comodo

If you are having trouble generating your CSR or installing a certificate, the system admin of your webserver can best help you.

Trouble Processing your certificate order 

OpenSRS is well-equipped to help you, should you have trouble processing your SSL order. 

The best way to avoid processing delays or order cancelations, is to ensure that all the information contained in the CSR (Common name and or additional SANS) is correct.

Our Parser Tool allows you to parse the CSR while the order is either pending or processing. You can then see the information contained in the CSR, and any errors related to it.

Symantec also has a great tool, which can be accessed here.  

 

API Examples

The two product types to be used are: symantec_ssl_lite & symantec_ssl_lite_wildcard | See below for an example.

Note: SSL Lite certificate itself can not be obtained over API. 

You can also access the complete API XML Guide online.

<?xml version='1.0' encoding='UTF-8' standalone='no'?>
<OPS_envelope>
    <header>
        <version>0.9</version>
    </header>
    <body>
        <data_block>
            <dt_assoc>
                <item key="protocol">XCP</item>
                <item key="action">sw_register</item>
                <item key="object">trust_service</item>
                <item key="attributes">
                    <dt_assoc>
                        <item key="reg_type">NEW</item>
                        <item key="approver_email">admin@example.com</item>
                        <item key="contact_set">
                            <dt_assoc>
                                <item key="organization">
                                    <dt_assoc>
                                        <item key="country">US</item>
                                        <item key="org_name">Example Inc.</item>
                                        <item key="phone">+1.4165550123</item>
                                        <item key="last_name">Ottway</item>
                                        <item key="address2">Suite 500</item>
                                        <item key="state">CA</item>
                                        <item key="email">ottway@example.com</item>
                                        <item key="city">SomeCity</item>
                                        <item key="postal_code">90210</item>
                                        <item key="fax">+1.4165550124</item>
                                        <item key="address1">32 Oak Street</item>
                                        <item key="first_name">Owen</item>
                                        <item key="title">Organization</item>
                                    </dt_assoc>
                                </item>
                                <item key="admin">
                                    <dt_assoc>
                                        <item key="country">US</item>
                                        <item key="org_name">Example Inc.</item>
                                        <item key="phone">+1.4165550123</item>
                                        <item key="last_name">Adams</item>
                                        <item key="address2">Suite 100</item>
                                        <item key="state">CA</item>
                                        <item key="email">adams@example.com</item>
                                        <item key="city">Santa Clara</item>
                                        <item key="postal_code">90210</item>
                                        <item key="fax">+1.4165550125</item>
                                        <item key="address1">32 Oak Street</item>
                                        <item key="first_name">Adler</item>
                                        <item key="title">Admin</item>
                                    </dt_assoc>
                                </item>
                                <item key="billing">
                                    <dt_assoc>
                                        <item key="country">US</item>
                                        <item key="org_name">Example Inc.</item>
                                        <item key="phone">+1.4165550123</item>
                                        <item key="last_name">Burton</item>
                                        <item key="address2">Suite 200</item>
                                        <item key="state">CA</item>
                                        <item key="email">burton@example.com</item>
                                        <item key="city">Santa Clara</item>
                                        <item key="postal_code">90210</item>
                                        <item key="fax">+1.4165550136</item>
                                        <item key="address1">32 Oak Street</item>
                                        <item key="first_name">Bill</item>
                                        <item key="title">Billing</item>
                                    </dt_assoc>
                                </item>
                                <item key="tech">
                                    <dt_assoc>
                                        <item key="country">US</item>
                                        <item key="org_name">Example Inc.</item>
                                        <item key="phone">+1.4165550123</item>
                                        <item key="last_name">Wayne</item>
                                        <item key="address2">Suite 200</item>
                                        <item key="state">CA</item>
                                        <item key="email">wayne@example.com</item>
                                        <item key="city">Santa Clara</item>
                                        <item key="postal_code">90210</item>
                                        <item key="fax">+1.4165550136</item>
                                        <item key="address1">32 Oak Street</item>
                                        <item key="first_name">Thomas</item>
                                        <item key="title">Tech</item>
                                    </dt_assoc>
                                </item>
                            </dt_assoc>
                        </item>
                        <item key="handle">process</item>
                        <item key="csr">
-----BEGIN CERTIFICATE REQUEST-----
MIICuzCCAaMCADB3MQswCQYDVQQGEwJVUzEUMBIGA1UEAxMLZXhhbXBsZS5jb20x
FDASBgNVBAcTC1NhbnRhIENsYXJhMRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xEzAR
BgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAsTB1N1cHBvcnQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDTCJ1qnH3gaKVd8VXTOx5GR+MYinU36Z9psxuG
haMZ70qhTwng5zcbC93XIpAJRkbMwMu1EI10QDNi91Z4ORI9ExbBg0HBrAz+k85O
lMUk1xTR8FQ8eHWXLnL3uXDevi5XMsb0ASB6wADDdvVm2Eb4qu+B1KD5qCSPiRJ2
FLeNNI3JNosmKmtmhqgy6+0qYYTP5RPFJeIu55cvX+r9ghiL11eBg/A+3RBhLdLR
+z0CsngOFMlNxzmP0csINw4FIj4AoAkMiA/2Hf6rT6bHiAtJDbkW6jAS3AQjB1IC
LlkFbr12e5P7USqSsKSbwslOHHBJpfYceA6582MI4ZZ3CerNAgMBAAGgADANBgkq
hkiG9w0BAQsFAAOCAQEAaUwWHGCekeDC9U0OqLHlaXT9yRTpBcMu3waqWWhIgxLP
6ut1YlYjz1yAc7XIJPNo+uyXX1BtrMpGgXt7cJmwLeXPHHs1WoleQfKOGjVRf3+8
sQgdVroMR8HtOPid00Vxd4v1caUQtM7N2e2sWe5IL5OS2ziAflc3UhSoLu7JQwNg
pKCQbOVbq5Y+uWYmMkKaZewIiziUvqngUMgA2ci+BJ2xCZmq00Leq+AZMLKPI2NE
NcKsc4yjB4envG4vzc4qMFQakvH0uvsswZc80H7R7neThUgpfQM+PhDI/z3woTPG
exAECZo+AqWhnwdut/Socu+aFkMO0vl77JD4acjODA==
-----END CERTIFICATE REQUEST-----
</item>
                        <item key="period">1</item>
                        <item key="server_type">apachessl</item>
                        <item key="server_count">1</item>
                        <item key="product_type">symantec_ssl_lite</item>
                    </dt_assoc>
                </item>
            </dt_assoc>
        </data_block>
    </body>
</OPS_envelope>
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk